Doug,
I've never configured SQL Server for access over the Internet but I can think of one must do - change the TCP/IP port number. By default, packets will be sent to port 1433. Use the Server Network Utility to change that.
Here's an MSKB article that may prove useful:
http://support.microsoft.com/support/kb/articles/Q216/4/15.ASP?LNG=ENG&SA=ALLKB&FR=0When you say "manage their own data but no one else's" is the data in the same or different databases. SQL Server does not have a native row-wise security mechanism. The easiest thing would be to put the data into different databases. Give all users a SQL Server login and access to only their own database. If you add them to the db_owner database role, they'll have full access to manipulate the data in their database only.
-Mike